Hackers are sending malicious links through comments in Google apps like Docs and Slides primarily to Outlook users -- a known vulnerability that has not been fully closed or mitigated by Google since last year, cyber-security researchers have warned.